CVE-2022-41427 Bento4 v1.6.0-639 had a memory leak in the AP4_AvcFrameParser::Feed function.
As a result, an attacker could leverage this issue to crash the application or execute arbitrary code on the system. Note that memory leak vulnerabilities
CVE-2022-42004 Jackson Databind before 2.13.4 can exhaust resources because of a lack of a check in BeanDeserializer._deserializeFromArray.
A resource exhaustion can occur when deserializing a source that contains deeply nested arrays, because the deserializer does not enforce a limit on the depth
CVE-2022-42003 Databind before 2.14.0-rc1 can exhaust resources when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
This results in excessive calls to primitive value deserializers, which can lead to resource exhaustion. If UNWRAP_SINGLE_VALUE_ARRAYS is disabled and resource exhaustion
CVE-2022-23726 Previous versions of the PingCentral Ping API exposed Spring Boot actuator endpoints that, with administrative authentication, give away sensitive information.
The most common attack scenario is via an outside party using a web crawling tool to search for available endpoints and then craft a request
CVE-2022-41437 Billing System Project v1.0 had a remote code execution vulnerability in the createProduct.php component.
A remote attacker can leverage this to install a custom PHP script onto the system. An attacker can leverage this RCE vulnerability to